mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-02-17 18:07:10 +00:00
8 lines
189 B
SQL
8 lines
189 B
SQL
-- Return the list of watched file events (must be configured)
|
|
--
|
|
-- tags: postmortem
|
|
-- platform: posix
|
|
-- interval: 900
|
|
SELECT *
|
|
FROM file_events
|
|
WHERE time > (strftime('%s', 'now') -900) |